diff --git a/bruno/Authsquare/Logout.bru b/bruno/Authsquare/Logout.bru
index 43648e6..0dadfcc 100644
--- a/bruno/Authsquare/Logout.bru
+++ b/bruno/Authsquare/Logout.bru
@@ -1,7 +1,7 @@
 meta {
 name: Logout
 type: http
- seq: 9
+ seq: 10
 }
 post {
diff --git a/bruno/Authsquare/accept.bru b/bruno/Authsquare/accept.bru
new file mode 100644
index 0000000..9ae7daa
--- /dev/null
+++ b/bruno/Authsquare/accept.bru
@@ -0,0 +1,22 @@
+meta {
+ name: accept
+ type: http
+ seq: 9
+}
+
+post {
+ url: http://localhost:11000/api/auth/accept
+ body: json
+ auth: none
+}
+
+headers {
+ Authorization: Bearer xx.xx.xx
+}
+
+body:json {
+ {
+ "username":null,
+ "password":"mypassword"
+ }
+}
diff --git a/handler.py b/handler.py
index 38a1379..a29cd8e 100644
--- a/handler.py
+++ b/handler.py
@@ -253,6 +253,22 @@ def index():
 except Exception as e:
 print(str(e),flush=True)
 return json.dumps({}, indent = 2).encode()
+
+@app.route('/api/auth/accept', method=['OPTIONS', 'POST'])
+def index():
+ try:
+ if request.method == 'OPTIONS':
+ return None
+ else:
+ response.content_type = 'application/json'
+ params = request.json
+ params["mako" ] = {
+ "email" : template_email.main(directory.page["email"], "message")
+ }
+ return json.dumps(api_auth.auth().accept(params), indent = 2).encode()
+ except Exception as e:
+ print(str(e),flush=True)
+ return json.dumps({}, indent = 2).encode()
 @app.route('/api/auth/login', method=['OPTIONS', 'POST'])
 def index():
diff --git a/modules/api/auth.py b/modules/api/auth.py
index 19ce433..c94def6 100644
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
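Review bot: In the new `/api/auth/accept` route, `params = request.json` can be `None` (non-JSON content type) or a non-dict JSON value, in which case `params["mako" ] = {...}` raises, the broad `except` prints the traceback text and the client receives `{}` with a 200 status and no error description. Reject such bodies before touching them: `if not isinstance(params, dict): response.status = 400; return json.dumps({"status": "failed", "desc": "JSON object body required"}).encode()`. The route reuses `def index():` like its siblings, so the printed exception never says which endpoint failed; logging the request path next to `str(e)` would fix that. `template_email.main` and `api_auth.auth()` also run before any token is checked; I cannot see those helpers, so whether that is costly for an unauthenticated caller is unverified.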
@@ -248,7 +248,7 @@ class auth:
 loggorilla.prcss(APIADDR, "Define parameters")
 roles = params["roles" ]
 email = params["email" ]
- username = params["username" ]
+ username = params["username" ] # Optional
 password = params["password" ] # Admin should insert their password for send invitation confirmation
 loggorilla.prcss(APIADDR, "Extract the Authorization token from Header")
 auth_header = request.get_header('Authorization')
@@ -281,16 +281,16 @@ class auth:
 loggorilla.prcss(APIADDR, "Giving response")
 response["status" ] = "failed"
 response["desc" ] = "Email already taken"
- elif username != None and result_username["count"] >= 1:
+ elif username and result_username["count"] >= 1:
 response["status" ] = "failed"
 response["desc" ] = "username already taken"
- elif username != None and not re.match(r'^\w+$', username):
+ elif username and not re.match(r'^\w+$', username):
 response["status" ] = "failed"
 response["desc" ] = "username can only use letters, numbers, and the underscore symbol"
- elif username != None and len(username) > 35:
+ elif username and len(username) > 35:
 response["status" ] = "failed"
 response["desc" ] = "username can not longer than 35 character"
- elif username != None and len(username) < 3:
+ elif username and len(username) < 3:
 response["status" ] = "failed"
 response["desc" ] = "username too short"
 else:
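Review bot: The relaxed `elif username and not re.match(r'^\w+$', username):` still lets a trailing newline through, because `$` matches before a final `\n` (`re.match(r'^\w+$', 'bob\n')` succeeds), and `\w` is Unicode-aware on `str`, so the message "letters, numbers, and the underscore symbol" is broader than it reads. Use `re.fullmatch(r'[A-Za-z0-9_]+', username)` (or `re.fullmatch(r'\w+', username, re.ASCII)` if Unicode names are intended); the same pattern is copied into `accept()` further down and needs the same fix. Switching `!= None` to truthiness also makes `""` skip every username check, which is only safe because `accept()` falls back to its own `params["username" ]` for a falsy payload value and validates that — worth a one-line comment here so the two methods stay in step. The start of this method and the `else:` branch that consumes `username` are outside the hunk.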
@@ -328,8 +328,85 @@ class auth:
 self.db_main.close()
 return response
- def confirm(self, params):
- pass
+ def accept(self, params):
+ APIADDR = "/api/auth/accept"
+ response = {}
+ allowed_roles = [0,1,2,3]
+ allowed_grant = globalvar.allowed_grant
+ self.cursor.execute("BEGIN;")
+ try:
+ loggorilla.prcss(APIADDR, "Extract the parameters from Header")
+ auth_header = request.get_header('Authorization')
+ jwt = auth_header.split(' ')[1]
+ payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
+ loggorilla.prcss(APIADDR, "Define header parameters")
+ expired = datetime.datetime.fromisoformat(payload['expired'])
+ roles = payload["roles" ]
+ email = payload["email" ]
+ loggorilla.prcss(APIADDR, "Define username with payload as priority")
+ username = payload["username" ] or params["username" ]
+ loggorilla.prcss(APIADDR, "Define params parameters")
+ password = params["password" ]
+ loggorilla.prcss(APIADDR, "Get dependency data")
+ self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' ; ", (email,) )
+ result_email = self.cursor.fetchone()
+ self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) )
+ result_username = self.cursor.fetchone()
+ loggorilla.prcss(APIADDR, "Validating")
+ if datetime.datetime.now() > expired:
+ loggorilla.prcss(APIADDR, "Giving response")
+ response["status" ] = "failed"
+ response["desc" ] = "Your invitation link is expired"
+ elif result_email["count"] > 0:
+ loggorilla.prcss(APIADDR, "Giving response")
+ response["status" ] = "failed"
+ response["desc" ] = "Email already taken"
+ elif result_username["count"] >= 1:
+ response["status" ] = "failed"
+ response["desc" ] = "username already taken"
+ elif not re.match(r'^\w+$', username):
+ response["status" ] = "failed"
+ response["desc" ] = "username can only use letters, numbers, and the underscore symbol"
+ elif len(username) > 35:
+ response["status" ] = "failed"
+ response["desc" ] = "username can not longer than 35 character"
+ elif len(username) < 3:
+ response["status" ] = "failed"
+ response["desc" ] = "username too short"
+ else:
+ loggorilla.prcss(APIADDR, "Process parameters")
+ hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+ token = saltedkey.token(username, hashed)
+ loggorilla.prcss(APIADDR, "Inserting")
+ self.cursor.execute("INSERT INTO `auth` VALUES (%s, %s);", (token, hashed) )
+ self.cursor.execute("INSERT INTO `auth_profile` VALUES (DEFAULT, %s, %s, %s, NULL);", (token, username, email) )
+ auth_profile_lastrowid = self.cursor.lastrowid
+ self.cursor.execute("INSERT INTO `auth_profile_verification` VALUES (DEFAULT, %s, 'email', 1);", (auth_profile_lastrowid,) )
+ self.cursor.execute("INSERT INTO `auth_profile_roles` VALUES (DEFAULT, %s, %s);", (auth_profile_lastrowid, roles) )
+ loggorilla.prcss(APIADDR, "Sending email")
+ webmail_data = {
+ "username" : username,
+ "email" : email
+ }
+ result_webmail = procedure_webmail.webmail().welcome(APIADDR, params, webmail_data)
+ self.smtpconfig['to' ] = email
+ self.smtpconfig['subject' ] = result_webmail['subject']
+ self.smtpconfig['text' ] = result_webmail['text' ]
+ self.smtpconfig['html' ] = result_webmail['html' ]
+ sendwave.smtp(self.smtpconfig)
+ loggorilla.prcss(APIADDR, "Giving response")
+ response["status" ] = "success"
+ response["desc" ] = "Congratulation. Your account is verified."
+ except Exception as e:
+ self.cursor.execute("ROLLBACK;")
+ loggorilla.error(APIADDR, str(e) )
+ response["status" ] = "failed"
+ response["desc" ] = "Internal Server Error. Please contact us if you still have an error."
+ finally:
+ self.cursor.execute("COMMIT;")
+ self.cursor.close()
+ self.db_main.close()
+ return response
 def grant(self, params):
 pass